A Methodology for Testing Intrusion Detection Systems
IEEE Transactions on Software Engineering
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Hidden Markov Model} Induction by Bayesian Model Merging
Advances in Neural Information Processing Systems 5, [NIPS Conference]
Learning nonstationary models of normal network traffic for detecting novel attacks
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Intrusion Detection Testing and Benchmarking Methodologies
IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
IntruDetector: A Software Platform for Testing Network Intrusion Detection Algorithms
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
WebDAV: what it is, what it does, why you need it
SIGUCCS '03 Proceedings of the 31st annual ACM SIGUCCS fall conference
Anomaly detection of web-based attacks
Proceedings of the 10th ACM conference on Computer and communications security
Network traffic anomaly detection based on packet bytes
Proceedings of the 2003 ACM symposium on Applied computing
Measuring normality in HTTP traffic for anomaly-based intrusion detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Learning DFA representations of HTTP for protecting web applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A methodology for designing accurate anomaly detection systems
Proceedings of the 4th international IFIP/ACM Latin American conference on Networking
A Comparative Evaluation of Anomaly Detectors under Portscan Attacks
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Boosting Web Intrusion Detection Systems by Inferring Positive Signatures
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
McPAD: A multiple classifier system for accurate payload-based anomaly detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
A general framework for adaptive and online detection of web attacks
Proceedings of the 18th international conference on World wide web
On achieving good operating points on an ROC plane using stochastic anomaly score prediction
Proceedings of the 16th ACM conference on Computer and communications security
KIDS: keyed intrusion detection system
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Accuracy improving guidelines for network anomaly detection systems
Journal in Computer Virology
Abstracting audit data for lightweight intrusion detection
ICISS'10 Proceedings of the 6th international conference on Information systems security
High-speed web attack detection through extracting exemplars from HTTP traffic
Proceedings of the 2011 ACM Symposium on Applied Computing
Mining Concept Drifting Network Traffic in Cloud Computing Environments
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
N-Gram against the machine: on the feasibility of the n-gram network analysis for binary protocols
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Review Article: RePIDS: A multi tier Real-time Payload-based Intrusion Detection System
Computer Networks: The International Journal of Computer and Telecommunications Networking
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Much data access occurs via HTTP, which is becoming a universal transport protocol. Because of this, it has become a common exploit target and several HTTP specific IDSs have been proposed as a response. However, each IDS is developed and tested independently, and direct comparisons are difficult. We describe a framework for testing IDS algorithms, and apply it to several proposed anomaly detection algorithms, testing using identical data and test environment. The results show serious limitations in all approaches, and we make predictions about requirements for successful anomaly detection approaches used to protect web servers.